Phylum Releases a Free Community Edition to Make Software Supply Chain Security More Accessible
Users can identify risks across five domains, work on multiple projects and take advantage of exclusive community benefits
EVERGREEN, Colo., Aug. 4, 2022 /PRNewswire/ -- Phylum, The Software Supply Chain Security Company, announces the release of its free Phylum Community Edition to expand the standard in supply chain security risk analysis to everyone.
The free Phylum Community Edition allows any user to identify open-source risks across five domains with deductive analysis that is integrated into every stage of a build. Available immediately, users can:
"We're excited to get Phylum in the hands of security engineers and developers around the world. Supply chain attacks are just getting started, and users need the ability to identify risk across the entire OSS supply chain attack surface. With the Phylum Community Edition, users can quickly understand valuable risk insights based on our unique approach to defending the software supply chain," said Peter Morgan, co-founder and president of Phylum.
The Phylum Risk Framework
Phylum's proactive approach to analyzing the risk inherent within the software supply chain is built from years of research and observation.
Instead of taking a retrospective approach by analyzing incidents after they occur, Phylum starts by consuming all available information about open-source packages and structuring the data in a consistent format for analysis. Layers of analytics, heuristics and ML models then comb through the data to find risk indicators. Deductive analysis is then applied to account for the entire context around each indicator, and identified risks are prioritized based on the risk tolerance criteria set by the organization.
This allows Phylum to effectively surface and prioritize meaningful issues before an incident occurs, in a manner that does not overwhelm security teams. These risks can then be addressed before leading to compromise, outages, service degradation at runtime or legal liability.
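The pipeline sketched above (normalise package metadata into one schema, run heuristics per risk domain, apply a context step, then filter and rank by an organisation's tolerance) is easier to reason about in code. The following is an added illustration written for this page; it is not Phylum's code and does not reproduce its analytics. Every field name, threshold, score, domain label and sample package is an assumption, and the sample input is constructed rather than taken from any registry.

```python
"""Illustrative software-supply-chain risk pipeline: normalise -> heuristics ->
deductive context -> prioritise by organisational tolerance.
Added example, NOT Phylum's implementation; all scores/thresholds are assumptions."""
from dataclasses import dataclass, field
from datetime import date


@dataclass
class Package:
    name: str
    version: str
    ecosystem: str
    license: str
    maintainers: list
    maintainer_first_seen: date   # earliest known activity of the publishing account
    last_release: date
    install_scripts: bool         # e.g. npm preinstall/install/postinstall hooks
    advisories: list = field(default_factory=list)


@dataclass
class Finding:
    package: str
    domain: str
    score: int      # 0-100, illustrative only
    reason: str


def normalise(raw: dict) -> Package:
    """Map ecosystem-specific metadata (constructed field names) into one schema."""
    scripts = raw.get("scripts", {})
    return Package(
        name=raw["name"], version=raw["version"], ecosystem=raw["ecosystem"],
        license=raw.get("license", "UNKNOWN"),
        maintainers=raw.get("maintainers", []),
        maintainer_first_seen=date.fromisoformat(raw["maintainer_first_seen"]),
        last_release=date.fromisoformat(raw["last_release"]),
        install_scripts=any(k in scripts for k in ("preinstall", "install", "postinstall")),
        advisories=raw.get("advisories", []),
    )


def heuristics(pkg: Package, today: date, allowed_licenses: set) -> list:
    """One indicator per risk domain; each on its own is only a weak signal."""
    f = []
    if pkg.advisories:
        f.append(Finding(pkg.name, "vulnerability", 70, "known advisories: " + ", ".join(pkg.advisories)))
    if pkg.install_scripts:
        f.append(Finding(pkg.name, "malicious_code", 40, "runs a lifecycle install script"))
    if (today - pkg.maintainer_first_seen).days < 30:
        f.append(Finding(pkg.name, "author", 50, "maintainer account younger than 30 days"))
    if pkg.license not in allowed_licenses:
        f.append(Finding(pkg.name, "license", 60, f"license {pkg.license} not on allowlist"))
    if (today - pkg.last_release).days > 3 * 365:
        f.append(Finding(pkg.name, "engineering", 30, "no release in three years"))
    return f


def deduce(findings: list) -> list:
    """Context step: an install hook shipped by a brand-new maintainer is far more
    suspicious than either indicator alone, so escalate the malicious-code finding."""
    domains = {f.domain for f in findings}
    if {"malicious_code", "author"} <= domains:
        for f in findings:
            if f.domain == "malicious_code":
                f.score = 90
                f.reason += " (escalated: new maintainer added install hook)"
    return findings


def prioritise(findings: list, tolerance: dict) -> list:
    """Drop findings below the organisation's per-domain tolerance; highest score first."""
    kept = [f for f in findings if f.score >= tolerance.get(f.domain, 0)]
    return sorted(kept, key=lambda f: f.score, reverse=True)


def analyse(raw_packages: list, tolerance: dict, today: date, allowed_licenses: set) -> list:
    out = []
    for raw in raw_packages:
        out.extend(deduce(heuristics(normalise(raw), today, allowed_licenses)))
    return prioritise(out, tolerance)


# Constructed sample input (fictional packages, fictional advisory id).
SAMPLE = [
    {"name": "left-padder", "version": "1.0.3", "ecosystem": "npm", "license": "MIT",
     "maintainers": ["new-user-2022"], "maintainer_first_seen": "2022-07-25",
     "last_release": "2022-08-01", "scripts": {"postinstall": "node setup.js"}},
    {"name": "oldcrypto", "version": "0.2.0", "ecosystem": "pypi", "license": "AGPL-3.0",
     "maintainers": ["veteran"], "maintainer_first_seen": "2012-01-01",
     "last_release": "2018-03-10", "advisories": ["EXAMPLE-ADVISORY-1"]},
]
TOLERANCE = {"malicious_code": 30, "vulnerability": 50, "author": 50, "license": 50, "engineering": 40}
ALLOWED = {"MIT", "Apache-2.0", "BSD-3-Clause"}
TODAY = date(2022, 8, 4)


def run_sample() -> list:
    return analyse(SAMPLE, TOLERANCE, TODAY, ALLOWED)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f.score:3d} {f.package:12s} {f.domain:15s} {f.reason}")
```

Two things the toy makes concrete: the escalation in `deduce` is why a context step matters (an install hook and a young maintainer account are each noisy alone, but together they are the classic shape of a typosquat or hijack), and the `engineering` finding on `oldcrypto` is silently dropped because it sits below that domain's tolerance, which is the "does not overwhelm security teams" behaviour the text describes.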
"Given the large volume of components involved in the development of modern software, surfacing meaningful findings becomes critically important - as does accurately prioritizing issues. Phylum defines the attack surface and conducts the deductive analysis, and users define risk tolerance based on project needs. This combination results in a significantly reduced attack surface, and categorized risk prioritized by business objective," said Brad Crawford, vice president of product at Phylum and co-author of the MITRE ATT&CK Framework.
The Phylum Risk Framework is the standard in software supply chain security, defined by the following categories: Malicious Code, Software Vulnerabilities, Authorship Risk, Reputation, License Misuse and Engineering Risk.
Get the Phylum Community Edition here.
Phylum will be at Black Hat 2022 in Innovation City booth# IC53. To meet up at the event, request a meeting here.
View original content to download multimedia: https://www.prnewswire.com/news-releases/phylum-releases-a-free-community-edition-to-make-software-supply-chain-security-more-accessible-301599698.html